SSRF Vulnerability in BentoML Python Library Exposes Systems to Remote Attacks
CVE-2025-54381
Key Information:
Badges
What is CVE-2025-54381?
CVE-2025-54381 is a significant vulnerability found in the BentoML Python library, widely used for developing online serving systems optimized for artificial intelligence applications and model inference. This particular vulnerability, present in versions 1.4.0 to 1.4.19, is characterized by a server-side request forgery (SSRF) flaw. It allows unauthorized remote attackers to manipulate the server into making arbitrary HTTP requests. The issue arises from how the library handles file uploads via multipart form data and JSON request processing. Specifically, it fails to validate the user-provided URLs before downloading files, exposing the system to potential exploitation. This design, which is promoted in the documentation, creates an inherent risk where deployed services become vulnerable by default, enabling attackers to target sensitive resources and internal network addresses. A patch addressing this vulnerability was introduced in version 1.4.19.
Potential impact of CVE-2025-54381
-
Unauthorized Access to Internal Resources: Exploiting this vulnerability can allow attackers to send requests to sensitive internal services, leading to unauthorized access and information leakage from protected interfaces that should not be exposed to external networks.
-
Arbitrary Code Execution: If the attacker can manipulate the request sufficiently, they could leverage the SSRF to execute commands on the server's operating system, potentially leading to full system compromise and control over deployed models and AI applications.
-
Data Breaches and Financial Losses: The exploitation of this vulnerability could result in data breaches where confidential information is accessed or exfiltrated. Organizations may face significant financial repercussions, including regulatory fines, loss of customer trust, and costs associated with incident response and remediation efforts.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
BentoML >= 1.4.0, < 1.4.19
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
wiz.ioCVE-2025-54381CVE-2025-54381 Impact, Exploitability, and Mitigation Steps | Wiz
Understand the critical aspects of CVE-2025-54381 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.
CVE-2025-54381: BentoML SSRF Vulnerability in File Upload Processing
Learn about CVE-2025-54381, a critical SSRF vulnerability in BentoML's file upload processing. Understand its impact, how to fix it, and explore FAQs for better security.
CVE-2025-54381 β CVE Details | CVETodo
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. In versions 1.4.0 until 1.4.19, the file upload processing system contains an SSRF vulnerability that allows unauthenticated remote attackers to force the server to make arbitrary HTTP requests...
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by VulDB
Vulnerability published
Vulnerability Reserved